The Vvveb software by givanz has known security vulnerabilities that could allow unauthorized access or execution of arbitrary code.

🚨 EUVD-2026-23854 📊 Score: 5.1/10 (CVSS v3.1) 📦 Product: Vvveb, Vvveb 🏢 Vendor: givanz 📅 Updated: 2026-04-20 📝 Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executab... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23854 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23852 📊 Score: 8.3/10 (CVSS v3.1) 📦 Product: Vvveb, Vvveb 🏢 Vendor: givanz 📅 Updated: 2026-04-20 📝 Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl without scheme or destination validation. Authenticated back... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23852 #cybersecurity #infosec #euvd #cve #vulnerability